Cookie Policy
Last updated: May 14, 2026
Pursuant to Regulation (EU) 2016/679 (GDPR)
Version: 1.0
1. Data Controller
The data controller for personal data collected through cookies on www.unrivle.com is:
Unrivle
Email: privacy@unrivle.com
Website: www.unrivle.com
2. What Are Cookies and Similar Technologies
Cookies are small text files that websites send to the user's device (computer, tablet, smartphone), where they are stored and subsequently retransmitted to the same websites on future visits.
In addition to traditional cookies, this website uses similar technologies including:
- Pixel tags (web beacons): invisible code snippets that detect specific user actions on the page
- Server-side APIs (Conversion API):data transmitted directly from Unrivle's servers to marketing platforms, bypassing the browser
- Local storage and session storage: browser-based storage mechanisms similar to cookies
3. Categories of Cookies Used
3.1 Technical and Strictly Necessary Cookies
These cookies are essential for the correct functioning of the website. They do not require the user's consent.
| Cookie | Provider | Purpose | Duration | Legal Basis |
|---|---|---|---|---|
| _cf_bm | Cloudflare | Security and bot prevention | 30 minutes | Legitimate interest |
| unrivle_cookie_consent | Unrivle | Stores the user's cookie consent preferences (technically a localStorage entry, treated as a cookie under EU cookie law) | Until cleared by the user | Legitimate interest |
| unrivle_geo | Unrivle | Stores the visitor country (derived from the Vercel x-vercel-ip-country header) so the consent banner can be shown only to EU/EEA/UK/CH visitors and the Do Not Sell link can be surfaced to US visitors | 30 days | Legitimate interest |
_cf_bm
Cloudflare — Security and bot prevention
Duration: 30 minutes · Legal Basis: Legitimate interest
unrivle_cookie_consent
Unrivle — Stores the user's cookie consent preferences (technically a localStorage entry, treated as a cookie under EU cookie law)
Duration: Until cleared by the user · Legal Basis: Legitimate interest
unrivle_geo
Unrivle — Stores the visitor country (derived from the Vercel x-vercel-ip-country header) so the consent banner can be shown only to EU/EEA/UK/CH visitors and the Do Not Sell link can be surfaced to US visitors
Duration: 30 days · Legal Basis: Legitimate interest
3.2 Analytics Cookies
These cookies allow us to collect statistical information about website usage. Their use is subject to the user's consent.
| Cookie | Provider | Purpose | Duration | Legal Basis |
|---|---|---|---|---|
| _ga | Google Analytics | Distinguish unique users | 2 years | Consent |
| _ga_* | Google Analytics | Maintain GA4 session state | 2 years | Consent |
| _gid | Google Analytics | Distinguish users within 24h | 24 hours | Consent |
| _gat | Google Analytics | Throttle request frequency | 1 minute | Consent |
| __hstc | HubSpot | Visit tracking and analytics | 13 months | Consent |
| hubspotutk | HubSpot | CRM contact deduplication | 13 months | Consent |
| __hssc | HubSpot | Current session tracking | 30 minutes | Consent |
| __hssrc | HubSpot | New browser session detection | Session | Consent |
| CLID | Microsoft Clarity | User ID for session recording | 1 year | Consent |
| _clck | Microsoft Clarity | Persist user ID across sessions | 1 year | Consent |
| _clsk | Microsoft Clarity | Group page views into a session | 24 hours | Consent |
| SM | Microsoft Clarity | Cross-domain MS synchronisation | Session | Consent |
_ga
Google Analytics — Distinguish unique users
Duration: 2 years · Legal Basis: Consent
_ga_*
Google Analytics — Maintain GA4 session state
Duration: 2 years · Legal Basis: Consent
_gid
Google Analytics — Distinguish users within 24h
Duration: 24 hours · Legal Basis: Consent
_gat
Google Analytics — Throttle request frequency
Duration: 1 minute · Legal Basis: Consent
__hstc
HubSpot — Visit tracking and analytics
Duration: 13 months · Legal Basis: Consent
hubspotutk
HubSpot — CRM contact deduplication
Duration: 13 months · Legal Basis: Consent
__hssc
HubSpot — Current session tracking
Duration: 30 minutes · Legal Basis: Consent
__hssrc
HubSpot — New browser session detection
Duration: Session · Legal Basis: Consent
CLID
Microsoft Clarity — User ID for session recording
Duration: 1 year · Legal Basis: Consent
_clck
Microsoft Clarity — Persist user ID across sessions
Duration: 1 year · Legal Basis: Consent
_clsk
Microsoft Clarity — Group page views into a session
Duration: 24 hours · Legal Basis: Consent
SM
Microsoft Clarity — Cross-domain MS synchronisation
Duration: Session · Legal Basis: Consent
3.3 Marketing and Profiling Cookies
These cookies are used to track users across multiple websites to display relevant advertisements. Their use is subject to the user's consent.
| Cookie | Provider | Purpose | Duration | Legal Basis |
|---|---|---|---|---|
| _fbp | Meta (Facebook) | Identify users for retargeting | 3 months | Consent |
| _fbc | Meta (Facebook) | Track ad clicks | 2 years | Consent |
| fr | Meta (Facebook) | Retargeting and conversion measurement | 3 months | Consent |
_fbp
Meta (Facebook) — Identify users for retargeting
Duration: 3 months · Legal Basis: Consent
_fbc
Meta (Facebook) — Track ad clicks
Duration: 2 years · Legal Basis: Consent
fr
Meta (Facebook) — Retargeting and conversion measurement
Duration: 3 months · Legal Basis: Consent
4. Third-Party Services and International Data Transfers
Google LLC — Google Analytics and Google Tag Manager are provided by Google LLC (USA), on the basis of Standard Contractual Clauses (SCCs). Privacy Policy: policies.google.com/privacy
HubSpot, Inc. — HubSpot CRM, email marketing and chat are provided by HubSpot, Inc. (USA), on the basis of SCCs. Privacy Policy: legal.hubspot.com/privacy-policy
Resend, Inc.— Resend is used for automated transactional emails. It processes only the recipient's email address and delivery metadata. Privacy Policy: resend.com/legal/privacy-policy
Meta Platforms Ireland Ltd. — Meta Pixel and Meta Conversion API (CAPI). Data is hashed prior to transmission (SHA-256). Privacy Policy: facebook.com/policy
Microsoft Corporation — Microsoft Clarity is a session recording and heatmap service. Data is pseudonymised. Privacy Policy: privacy.microsoft.com
5. Purposes of Processing and Legal Bases
- Website operation: ensuring correct delivery of services (legitimate interest, Art. 6(1)(f) GDPR)
- Statistical analysis: understanding how users interact with the website (consent, Art. 6(1)(a) GDPR)
- Marketing and retargeting: displaying relevant ads on Meta platforms (consent, Art. 6(1)(a) GDPR)
- Session recording: analysing user behaviour via Microsoft Clarity (consent, Art. 6(1)(a) GDPR)
- Email marketing: sending commercial communications via HubSpot (consent, Art. 6(1)(a) GDPR)
- Security: preventing abuse, bots and fraudulent activity (legitimate interest, Art. 6(1)(f) GDPR)
6. Managing and Withdrawing Consent
The website implements Google Consent Mode v2 with a geo-aware default. Visitor region is inferred from the IP-derived country code (Vercel headerx-vercel-ip-country, stored in the unrivle_geo cookie).
- EU/EEA, UK and Switzerland: all analytics and marketing trackers are blocked by default. A cookie consent banner is shown and consent must be granted before any non-essential cookie is set. Users may accept all cookies or decline.
- Other jurisdictions (e.g. United States, Australia, rest of the world): analytics and marketing are enabled by default in line with applicable opt-out frameworks (e.g. CCPA/CPRA in California and similar US state laws). The banner is not shown; an opt-out is always available via our Do Not Sell or Share My Personal Information page.
Consent preferences are stored in the unrivle_cookie_consent entry (browser localStorage, treated as a cookie under EU cookie law) and persist until cleared by the user. Users may modify or withdraw consent at any time by clearing site data in the browser or using the Do Not Sell page above.
6.1 Managing Cookies via Browser Settings
- Google Chrome:Settings > Privacy and security > Cookies and other site data
- Mozilla Firefox:Options > Privacy & Security > Cookies and Site Data
- Apple Safari:Preferences > Privacy > Manage Website Data
- Microsoft Edge:Settings > Cookies and site permissions
6.2 Service-Specific Opt-Outs
- Google Analytics: tools.google.com/dlpage/gaoptout
- Meta (Facebook):Facebook account settings > Ad preferences
- Microsoft Clarity: clarity.microsoft.com/optout
- HubSpot: Unsubscribe link in every commercial email
7. Data Subject Rights
Under Articles 15–22 of the GDPR, users have the right to access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent.
To exercise these rights: privacy@unrivle.com
Users also have the right to lodge a complaint with the competent supervisory authority.
8. Data Retention
Personal data collected through cookies is retained for the period strictly necessary for the purposes described in Section 3.
9. Updates to this Cookie Policy
This Cookie Policy may be updated at any time. The date of the last update is indicated in the header of this document.
10. Contact
Unrivle — Email: privacy@unrivle.com — Website: www.unrivle.com
Address: Via Antonio Monaco 20, 87100 Cosenza, Italy